Why the FBI isn’t your biggest mobile worry

For most consumers, the court order for Apple to help the FBI access iPhone data isn’t something to lose sleep over. There are bigger worries for your mobile phone’s security, such as criminals.

On Tuesday, a U.S. magistrate ordered Apple to help the FBI unlock a phone belonging to one of the shooters in San Bernardino, California. Apple’s chief executive, Tim Cook, responded in a letter to customers Wednesday, calling the request “chilling.”

“If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data,” he said in the letter. (iPhone data is encrypted when the device is locked. Apple has said it doesn’t store passwords and cannot open a locked phone.)

But some security experts say the court order isn’t, as Cook has interpreted, a broad request for the government to monitor your iPhone. “They don’t care what’s on your phone,” said J.J. Thompson, co-founder and chief executive of Rook Security, an IT security firm. This is a specific request with a particular phone in a case with exigent circumstances, he said.

“The request is, please help me hack that individual iPhone… and there are plenty of methods today of doing that,” said Morey Haber, vice president of technology for BeyondTrust, another IT security firm. “I don’t think the average user should be worried unless Apple does admit to creating a [broader] method for the government to come in.”

That could open the door for more widespread surveillance or hacks, he said, as showcased in the recently discovered Juniper Networks vulnerability. Congress is investigating the possibility the National Security Agency initially requested the software alteration.

Right now, consumers should worry more about criminals’ designs on their phones. Although mobile hacking still isn’t widespread, it is on the rise: Last year, 8 percent of businesses cited mobile fraud as a prevalent threat, up from 3 percent in 2014, according to IDology, an identity verification firm.

“Our security mindset has not adapted,” Al Pascual, director of fraud and security for Javelin, told CNBC.com earlier this year. Consumers who know to set strong passwords on their computers and avoid clicking on suspicious emailed links don’t necessarily take the same precautions on their phones, he said — despite making more mobile purchases and other sensitive financial transactions.

Start by exercising good password habits, said Thompson. A 2014 Consumer Reports survey found that a third of smartphone owners don’t use passwords to protect their phones. Set one — and ideally, one that isn’t as guessable as a birthday or 1234 — and update it regularly.

Don’t streamline access so that your fingerprint can be used to both unlock your phone and authorize purchases or access apps. While convenient, said Haber, it’s risky if the technology is hacked or otherwise fooled.

Update your phone as soon as operating system updates become available, said Thompson. That helps ensure you’re not leaving your phone open to known — and patched — vulnerabilities.

As with your computer, it’s also smart to be careful about what sites you access and apps you download. Don’t click on suspicious links, and stick with legit app stores to avoid malware, said Haber.

“You have to be mindful of what you’re carrying around in your pocket,” he said.
